Cisco Prime Collaboration Assurance Arbitrary File Download Vulnerability

2017-02-15T16:00:00
ID CISCO-SA-20170215-PCP1
Type cisco
Reporter Cisco
Modified 2017-02-14T18:30:58

Description

A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted.

The vulnerability is due to lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to download system files that should be restricted.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1"]